//===----------------------------------------------------------------------===//
//
// This source file is part of the Soto for AWS open source project
//
// Copyright (c) 2017-2022 the Soto project authors
// Licensed under Apache License v2.0
//
// See LICENSE.txt for license information
// See CONTRIBUTORS.txt for the list of Soto project authors
//
// SPDX-License-Identifier: Apache-2.0
//
//===----------------------------------------------------------------------===//

// THIS FILE IS AUTOMATICALLY GENERATED by https://github.com/soto-project/soto-codegenerator.
// DO NOT EDIT.

import Foundation
import SotoCore

extension SecretsManager {
    // MARK: Enums

    public enum FilterNameStringType: String, CustomStringConvertible, Codable, _SotoSendable {
        case all
        case description
        case name
        case owningService = "owning-service"
        case primaryRegion = "primary-region"
        case tagKey = "tag-key"
        case tagValue = "tag-value"
        public var description: String { return self.rawValue }
    }

    public enum SortOrderType: String, CustomStringConvertible, Codable, _SotoSendable {
        case asc
        case desc
        public var description: String { return self.rawValue }
    }

    public enum StatusType: String, CustomStringConvertible, Codable, _SotoSendable {
        case failed = "Failed"
        case inProgress = "InProgress"
        case inSync = "InSync"
        public var description: String { return self.rawValue }
    }

    // MARK: Shapes

    public struct CancelRotateSecretRequest: AWSEncodableShape {
        /// The ARN or name of the secret. For an ARN, we recommend that you specify a complete ARN rather  than a partial ARN. See Finding a secret from a partial ARN.
        public let secretId: String

        public init(secretId: String) {
            self.secretId = secretId
        }

        public func validate(name: String) throws {
            try self.validate(self.secretId, name: "secretId", parent: name, max: 2048)
            try self.validate(self.secretId, name: "secretId", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case secretId = "SecretId"
        }
    }

    public struct CancelRotateSecretResponse: AWSDecodableShape {
        /// The ARN of the secret.
        public let arn: String?
        /// The name of the secret.
        public let name: String?
        /// The unique identifier of the version of the secret created during the rotation. This version might not be complete, and should be evaluated for possible deletion. We recommend  that you remove the VersionStage value AWSPENDING from this version so that  Secrets Manager can delete it. Failing to clean up a cancelled rotation can block you from starting future rotations.
        public let versionId: String?

        public init(arn: String? = nil, name: String? = nil, versionId: String? = nil) {
            self.arn = arn
            self.name = name
            self.versionId = versionId
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "ARN"
            case name = "Name"
            case versionId = "VersionId"
        }
    }

    public struct CreateSecretRequest: AWSEncodableShape {
        /// A list of Regions and KMS keys to replicate secrets.
        public let addReplicaRegions: [ReplicaRegionType]?
        /// If you include SecretString or SecretBinary, then  Secrets Manager creates an initial version for the secret, and this parameter specifies the unique identifier for the new version.   If you use the Amazon Web Services CLI or one of the Amazon Web Services SDKs to call this operation, then you can leave this parameter empty. The CLI or SDK generates a random UUID for you and includes it as the value for this parameter in the request. If you don't use the SDK and instead generate a raw HTTP request to the Secrets Manager service endpoint, then you must generate a ClientRequestToken yourself for the new version and include the value in the request.  This value helps ensure idempotency. Secrets Manager uses this value to prevent the accidental creation of duplicate versions if there are failures and retries during a rotation. We recommend that you generate a UUID-type value to ensure uniqueness of your versions within the specified secret.    If the ClientRequestToken value isn't already associated with a version of the secret then a new version of the secret is created.    If a version with this value already exists and the version SecretString and SecretBinary values are the same as those in the request, then the request is ignored.   If a version with this value already exists and that version's SecretString and SecretBinary values are different from those in the request, then the request fails because you cannot modify an existing version. Instead, use PutSecretValue to create a new version.   This value becomes the VersionId of the new version.
        public let clientRequestToken: String?
        /// The description of the secret.
        public let description: String?
        /// Specifies whether to overwrite a secret with the same name in the destination Region.
        public let forceOverwriteReplicaSecret: Bool?
        /// The ARN, key ID, or alias of the KMS key that Secrets Manager uses to encrypt the secret value in the secret. An alias is always prefixed by alias/,  for example alias/aws/secretsmanager. For more information, see About aliases. To use a KMS key in a different account, use the key ARN or the alias ARN. If you don't specify this value, then Secrets Manager uses the key aws/secretsmanager.  If that key doesn't yet exist, then Secrets Manager creates it for you automatically the first time it  encrypts the secret value. If the secret is in a different Amazon Web Services account from the credentials calling the API, then  you can't use aws/secretsmanager to encrypt the secret, and you must create  and use a customer managed KMS key.
        public let kmsKeyId: String?
        /// The name of the new secret. The secret name can contain ASCII letters, numbers, and the following characters: /_+=.@- Do not end your secret name with a hyphen followed by six characters. If you do so, you risk confusion and unexpected results when searching for a secret by partial ARN. Secrets Manager automatically adds a hyphen and six random characters after the secret name at the end of the ARN.
        public let name: String
        /// The binary data to encrypt and store in the new version of the secret. We recommend that you store your binary data in a file and then pass the contents of the file as a parameter. Either SecretString or SecretBinary must have a value, but not both. This parameter is not available in the Secrets Manager console.
        public let secretBinary: AWSBase64Data?
        /// The text data to encrypt and store in this new version of the secret. We recommend you use a JSON structure of key/value pairs for your secret value. Either SecretString or SecretBinary must have a value, but not both. If you create a secret by using the Secrets Manager console then Secrets Manager puts the protected secret text in only the SecretString parameter. The Secrets Manager console stores the information as a JSON structure of key/value pairs that a Lambda rotation function can parse.
        public let secretString: String?
        /// A list of tags to attach to the secret. Each tag is a key and value pair of strings in a JSON text string, for example:  [{"Key":"CostCenter","Value":"12345"},{"Key":"environment","Value":"production"}]  Secrets Manager tag key names are case sensitive. A tag with the key "ABC" is a different tag from one with key "abc". If you check tags in permissions policies as part of your security strategy, then adding or removing a tag can change permissions. If the completion of this operation would result in you losing your permissions for this secret, then Secrets Manager blocks the operation and returns an Access Denied error. For more information, see Control  access to secrets using tags and Limit access to identities with tags that match secrets' tags. For information about how to format a JSON parameter for the various command line tool environments, see Using JSON for Parameters. If your command-line tool or SDK requires quotation marks around the parameter, you should use single quotes to avoid confusion with the double quotes required in the JSON text. The following restrictions apply to tags:   Maximum number of tags per secret: 50   Maximum key length: 127 Unicode characters in UTF-8   Maximum value length: 255 Unicode characters in UTF-8   Tag keys and values are case sensitive.   Do not use the aws: prefix in your tag names or values because Amazon Web Services reserves it for Amazon Web Services use. You can't edit or delete tag names or values with this  prefix. Tags with this prefix do not count against your tags per secret limit.   If you use your tagging schema across multiple services and resources, other services might have restrictions on allowed characters. Generally allowed characters: letters, spaces, and numbers representable in UTF-8, plus the following special characters: + - = . _ : / @.
        public let tags: [Tag]?

        public init(addReplicaRegions: [ReplicaRegionType]? = nil, clientRequestToken: String? = CreateSecretRequest.idempotencyToken(), description: String? = nil, forceOverwriteReplicaSecret: Bool? = nil, kmsKeyId: String? = nil, name: String, secretBinary: AWSBase64Data? = nil, secretString: String? = nil, tags: [Tag]? = nil) {
            self.addReplicaRegions = addReplicaRegions
            self.clientRequestToken = clientRequestToken
            self.description = description
            self.forceOverwriteReplicaSecret = forceOverwriteReplicaSecret
            self.kmsKeyId = kmsKeyId
            self.name = name
            self.secretBinary = secretBinary
            self.secretString = secretString
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.addReplicaRegions?.forEach {
                try $0.validate(name: "\(name).addReplicaRegions[]")
            }
            try self.validate(self.addReplicaRegions, name: "addReplicaRegions", parent: name, min: 1)
            try self.validate(self.clientRequestToken, name: "clientRequestToken", parent: name, max: 64)
            try self.validate(self.clientRequestToken, name: "clientRequestToken", parent: name, min: 32)
            try self.validate(self.description, name: "description", parent: name, max: 2048)
            try self.validate(self.kmsKeyId, name: "kmsKeyId", parent: name, max: 2048)
            try self.validate(self.name, name: "name", parent: name, max: 512)
            try self.validate(self.name, name: "name", parent: name, min: 1)
            try self.validate(self.secretBinary, name: "secretBinary", parent: name, max: 65536)
            try self.validate(self.secretString, name: "secretString", parent: name, max: 65536)
            try self.tags?.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
        }

        private enum CodingKeys: String, CodingKey {
            case addReplicaRegions = "AddReplicaRegions"
            case clientRequestToken = "ClientRequestToken"
            case description = "Description"
            case forceOverwriteReplicaSecret = "ForceOverwriteReplicaSecret"
            case kmsKeyId = "KmsKeyId"
            case name = "Name"
            case secretBinary = "SecretBinary"
            case secretString = "SecretString"
            case tags = "Tags"
        }
    }

    public struct CreateSecretResponse: AWSDecodableShape {
        /// The ARN of the new secret. The ARN includes the name of the secret followed by six random  characters. This ensures that if you create a new secret with the same name as a deleted secret,  then users with access to the old secret don't get access to the new secret because the ARNs  are different.
        public let arn: String?
        /// The name of the new secret.
        public let name: String?
        /// A list of the replicas of this secret and their status:    Failed, which indicates that the replica was not created.    InProgress, which indicates that Secrets Manager is in the process of creating the replica.    InSync, which indicates that the replica was created.
        public let replicationStatus: [ReplicationStatusType]?
        /// The unique identifier associated with the version of the new secret.
        public let versionId: String?

        public init(arn: String? = nil, name: String? = nil, replicationStatus: [ReplicationStatusType]? = nil, versionId: String? = nil) {
            self.arn = arn
            self.name = name
            self.replicationStatus = replicationStatus
            self.versionId = versionId
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "ARN"
            case name = "Name"
            case replicationStatus = "ReplicationStatus"
            case versionId = "VersionId"
        }
    }

    public struct DeleteResourcePolicyRequest: AWSEncodableShape {
        /// The ARN or name of the secret to delete the attached resource-based policy for. For an ARN, we recommend that you specify a complete ARN rather  than a partial ARN. See Finding a secret from a partial ARN.
        public let secretId: String

        public init(secretId: String) {
            self.secretId = secretId
        }

        public func validate(name: String) throws {
            try self.validate(self.secretId, name: "secretId", parent: name, max: 2048)
            try self.validate(self.secretId, name: "secretId", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case secretId = "SecretId"
        }
    }

    public struct DeleteResourcePolicyResponse: AWSDecodableShape {
        /// The ARN of the secret that the resource-based policy was deleted for.
        public let arn: String?
        /// The name of the secret that the resource-based policy was deleted for.
        public let name: String?

        public init(arn: String? = nil, name: String? = nil) {
            self.arn = arn
            self.name = name
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "ARN"
            case name = "Name"
        }
    }

    public struct DeleteSecretRequest: AWSEncodableShape {
        /// Specifies whether to delete the secret without any recovery window. You can't use both this parameter and RecoveryWindowInDays in the same call. If you don't use either, then Secrets Manager defaults to a 30 day recovery window. Secrets Manager performs the actual deletion with an asynchronous background process, so there might  be a short delay before the secret is permanently deleted. If you delete a secret and then  immediately create a secret with the same name, use appropriate back off and retry logic.  Use this parameter with caution. This parameter causes the operation to skip the normal recovery window before the permanent deletion that Secrets Manager would normally impose with the RecoveryWindowInDays parameter. If you delete a secret with the ForceDeleteWithoutRecovery parameter, then you have no opportunity to recover the secret. You lose the secret permanently.
        public let forceDeleteWithoutRecovery: Bool?
        /// The number of days from 7 to 30 that Secrets Manager waits before permanently deleting the secret. You can't use both this parameter and ForceDeleteWithoutRecovery in the same call. If you don't use either, then Secrets Manager defaults to a 30 day recovery window.
        public let recoveryWindowInDays: Int64?
        /// The ARN or name of the secret to delete. For an ARN, we recommend that you specify a complete ARN rather  than a partial ARN. See Finding a secret from a partial ARN.
        public let secretId: String

        public init(forceDeleteWithoutRecovery: Bool? = nil, recoveryWindowInDays: Int64? = nil, secretId: String) {
            self.forceDeleteWithoutRecovery = forceDeleteWithoutRecovery
            self.recoveryWindowInDays = recoveryWindowInDays
            self.secretId = secretId
        }

        public func validate(name: String) throws {
            try self.validate(self.secretId, name: "secretId", parent: name, max: 2048)
            try self.validate(self.secretId, name: "secretId", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case forceDeleteWithoutRecovery = "ForceDeleteWithoutRecovery"
            case recoveryWindowInDays = "RecoveryWindowInDays"
            case secretId = "SecretId"
        }
    }

    public struct DeleteSecretResponse: AWSDecodableShape {
        /// The ARN of the secret.
        public let arn: String?
        /// The date and time after which this secret Secrets Manager can permanently delete this secret,  and it can no longer be restored. This value is the date and time of the delete request  plus the number of days in RecoveryWindowInDays.
        public let deletionDate: Date?
        /// The name of the secret.
        public let name: String?

        public init(arn: String? = nil, deletionDate: Date? = nil, name: String? = nil) {
            self.arn = arn
            self.deletionDate = deletionDate
            self.name = name
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "ARN"
            case deletionDate = "DeletionDate"
            case name = "Name"
        }
    }

    public struct DescribeSecretRequest: AWSEncodableShape {
        /// The ARN or name of the secret.  For an ARN, we recommend that you specify a complete ARN rather  than a partial ARN. See Finding a secret from a partial ARN.
        public let secretId: String

        public init(secretId: String) {
            self.secretId = secretId
        }

        public func validate(name: String) throws {
            try self.validate(self.secretId, name: "secretId", parent: name, max: 2048)
            try self.validate(self.secretId, name: "secretId", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case secretId = "SecretId"
        }
    }

    public struct DescribeSecretResponse: AWSDecodableShape {
        /// The ARN of the secret.
        public let arn: String?
        /// The date the secret was created.
        public let createdDate: Date?
        /// The date the secret is scheduled for deletion. If it is not scheduled for deletion, this  field is omitted. When you delete a secret, Secrets Manager requires a  recovery window of at least 7 days before deleting the secret. Some time after the deleted date,  Secrets Manager deletes the secret, including all of its versions. If a secret is scheduled for deletion, then its details, including the encrypted secret value, is not accessible. To cancel a scheduled deletion and restore access to the secret, use RestoreSecret.
        public let deletedDate: Date?
        /// The description of the secret.
        public let description: String?
        /// The key ID or alias ARN of the KMS key that Secrets Manager uses to encrypt the secret value.  If the secret is encrypted with the Amazon Web Services managed key aws/secretsmanager,  this field is omitted. Secrets created using the console use an KMS key ID.
        public let kmsKeyId: String?
        /// The date that the secret was last accessed in the Region. This field is omitted if the secret has never been retrieved in the Region.
        public let lastAccessedDate: Date?
        /// The last date and time that this secret was modified in any way.
        public let lastChangedDate: Date?
        /// The last date and time that Secrets Manager rotated the secret.  If the secret isn't configured for rotation, Secrets Manager returns null.
        public let lastRotatedDate: Date?
        /// The name of the secret.
        public let name: String?
        public let nextRotationDate: Date?
        /// The ID of the service that created this secret. For more information, see Secrets managed by other Amazon Web Services services.
        public let owningService: String?
        /// The Region the secret is in. If a secret is replicated to other Regions, the replicas are listed in ReplicationStatus.
        public let primaryRegion: String?
        /// A list of the replicas of this secret and their status:     Failed, which indicates that the replica was not created.    InProgress, which indicates that Secrets Manager is in the process of creating the replica.    InSync, which indicates that the replica was created.
        public let replicationStatus: [ReplicationStatusType]?
        /// Specifies whether automatic rotation is turned on for this secret. To turn on rotation, use RotateSecret. To turn off rotation, use CancelRotateSecret.
        public let rotationEnabled: Bool?
        /// The ARN of the Lambda function that Secrets Manager invokes to rotate the secret.
        public let rotationLambdaARN: String?
        /// The rotation schedule and Lambda function for this secret. If the secret previously had rotation turned on, but  it is now turned off, this field shows the previous rotation schedule and rotation function. If the secret never had  rotation turned on, this field is omitted.
        public let rotationRules: RotationRulesType?
        /// The list of tags attached to the secret. To add tags to a secret, use TagResource. To remove tags, use UntagResource.
        public let tags: [Tag]?
        /// A list of the versions of the secret that have staging labels attached. Versions that don't have staging labels are considered deprecated and Secrets Manager  can delete them. Secrets Manager uses staging labels to indicate the status of a secret version during rotation. The three  staging labels for rotation are:     AWSCURRENT, which indicates the current version of the secret.    AWSPENDING, which indicates the version of the secret that contains new  secret information that will become the next current version when rotation finishes. During   rotation, Secrets Manager creates an AWSPENDING version ID before creating the new secret version.  To check if a secret version exists, call GetSecretValue.    AWSPREVIOUS, which indicates the previous current version of the secret.  You can use this as the last known good version.   For more information about rotation and staging labels, see How rotation works.
        public let versionIdsToStages: [String: [String]]?

        public init(arn: String? = nil, createdDate: Date? = nil, deletedDate: Date? = nil, description: String? = nil, kmsKeyId: String? = nil, lastAccessedDate: Date? = nil, lastChangedDate: Date? = nil, lastRotatedDate: Date? = nil, name: String? = nil, nextRotationDate: Date? = nil, owningService: String? = nil, primaryRegion: String? = nil, replicationStatus: [ReplicationStatusType]? = nil, rotationEnabled: Bool? = nil, rotationLambdaARN: String? = nil, rotationRules: RotationRulesType? = nil, tags: [Tag]? = nil, versionIdsToStages: [String: [String]]? = nil) {
            self.arn = arn
            self.createdDate = createdDate
            self.deletedDate = deletedDate
            self.description = description
            self.kmsKeyId = kmsKeyId
            self.lastAccessedDate = lastAccessedDate
            self.lastChangedDate = lastChangedDate
            self.lastRotatedDate = lastRotatedDate
            self.name = name
            self.nextRotationDate = nextRotationDate
            self.owningService = owningService
            self.primaryRegion = primaryRegion
            self.replicationStatus = replicationStatus
            self.rotationEnabled = rotationEnabled
            self.rotationLambdaARN = rotationLambdaARN
            self.rotationRules = rotationRules
            self.tags = tags
            self.versionIdsToStages = versionIdsToStages
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "ARN"
            case createdDate = "CreatedDate"
            case deletedDate = "DeletedDate"
            case description = "Description"
            case kmsKeyId = "KmsKeyId"
            case lastAccessedDate = "LastAccessedDate"
            case lastChangedDate = "LastChangedDate"
            case lastRotatedDate = "LastRotatedDate"
            case name = "Name"
            case nextRotationDate = "NextRotationDate"
            case owningService = "OwningService"
            case primaryRegion = "PrimaryRegion"
            case replicationStatus = "ReplicationStatus"
            case rotationEnabled = "RotationEnabled"
            case rotationLambdaARN = "RotationLambdaARN"
            case rotationRules = "RotationRules"
            case tags = "Tags"
            case versionIdsToStages = "VersionIdsToStages"
        }
    }

    public struct Filter: AWSEncodableShape {
        /// The following are keys you can use:    description: Prefix match, not case-sensitive.    name: Prefix match, case-sensitive.    tag-key: Prefix match, case-sensitive.    tag-value: Prefix match, case-sensitive.    primary-region: Prefix match, case-sensitive.    all: Breaks the filter value string into words and then searches all attributes for matches. Not case-sensitive.
        public let key: FilterNameStringType?
        /// The keyword to filter for. You can prefix your search value with an exclamation mark (!) in order to perform negation filters.
        public let values: [String]?

        public init(key: FilterNameStringType? = nil, values: [String]? = nil) {
            self.key = key
            self.values = values
        }

        public func validate(name: String) throws {
            try self.values?.forEach {
                try validate($0, name: "values[]", parent: name, max: 512)
                try validate($0, name: "values[]", parent: name, pattern: "^\\!?[a-zA-Z0-9 :_@\\/\\+\\=\\.\\-\\!]*$")
            }
            try self.validate(self.values, name: "values", parent: name, max: 10)
            try self.validate(self.values, name: "values", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case key = "Key"
            case values = "Values"
        }
    }

    public struct GetRandomPasswordRequest: AWSEncodableShape {
        /// A string of the characters that you don't want in the password.
        public let excludeCharacters: String?
        /// Specifies whether to exclude lowercase letters from the password. If you don't include this switch, the password can contain lowercase letters.
        public let excludeLowercase: Bool?
        /// Specifies whether to exclude numbers from the password. If you don't  include this switch, the password can contain numbers.
        public let excludeNumbers: Bool?
        /// Specifies whether to exclude the following punctuation characters from the password:  ! " # $ % & ' ( ) * + , - . / : ;  ? @ [ \ ] ^ _ ` { | } ~.  If you don't include this switch, the password can contain punctuation.
        public let excludePunctuation: Bool?
        /// Specifies whether to exclude uppercase letters from the password. If you  don't include this switch, the password can contain uppercase letters.
        public let excludeUppercase: Bool?
        /// Specifies whether to include the space character. If you  include this switch, the password can contain space characters.
        public let includeSpace: Bool?
        /// The length of the password. If you don't include this parameter, the  default length is 32 characters.
        public let passwordLength: Int64?
        /// Specifies whether to include at least one upper and lowercase letter, one number, and one punctuation.  If you don't include this switch, the password contains at least one of every character type.
        public let requireEachIncludedType: Bool?

        public init(excludeCharacters: String? = nil, excludeLowercase: Bool? = nil, excludeNumbers: Bool? = nil, excludePunctuation: Bool? = nil, excludeUppercase: Bool? = nil, includeSpace: Bool? = nil, passwordLength: Int64? = nil, requireEachIncludedType: Bool? = nil) {
            self.excludeCharacters = excludeCharacters
            self.excludeLowercase = excludeLowercase
            self.excludeNumbers = excludeNumbers
            self.excludePunctuation = excludePunctuation
            self.excludeUppercase = excludeUppercase
            self.includeSpace = includeSpace
            self.passwordLength = passwordLength
            self.requireEachIncludedType = requireEachIncludedType
        }

        public func validate(name: String) throws {
            try self.validate(self.excludeCharacters, name: "excludeCharacters", parent: name, max: 4096)
            try self.validate(self.passwordLength, name: "passwordLength", parent: name, max: 4096)
            try self.validate(self.passwordLength, name: "passwordLength", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case excludeCharacters = "ExcludeCharacters"
            case excludeLowercase = "ExcludeLowercase"
            case excludeNumbers = "ExcludeNumbers"
            case excludePunctuation = "ExcludePunctuation"
            case excludeUppercase = "ExcludeUppercase"
            case includeSpace = "IncludeSpace"
            case passwordLength = "PasswordLength"
            case requireEachIncludedType = "RequireEachIncludedType"
        }
    }

    public struct GetRandomPasswordResponse: AWSDecodableShape {
        /// A string with the password.
        public let randomPassword: String?

        public init(randomPassword: String? = nil) {
            self.randomPassword = randomPassword
        }

        private enum CodingKeys: String, CodingKey {
            case randomPassword = "RandomPassword"
        }
    }

    public struct GetResourcePolicyRequest: AWSEncodableShape {
        /// The ARN or name of the secret to retrieve the attached resource-based policy for. For an ARN, we recommend that you specify a complete ARN rather  than a partial ARN. See Finding a secret from a partial ARN.
        public let secretId: String

        public init(secretId: String) {
            self.secretId = secretId
        }

        public func validate(name: String) throws {
            try self.validate(self.secretId, name: "secretId", parent: name, max: 2048)
            try self.validate(self.secretId, name: "secretId", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case secretId = "SecretId"
        }
    }

    public struct GetResourcePolicyResponse: AWSDecodableShape {
        /// The ARN of the secret that the resource-based policy was retrieved for.
        public let arn: String?
        /// The name of the secret that the resource-based policy was retrieved for.
        public let name: String?
        /// A JSON-formatted string that contains the permissions policy  attached to the secret. For more information about permissions policies, see Authentication and access control for Secrets Manager.
        public let resourcePolicy: String?

        public init(arn: String? = nil, name: String? = nil, resourcePolicy: String? = nil) {
            self.arn = arn
            self.name = name
            self.resourcePolicy = resourcePolicy
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "ARN"
            case name = "Name"
            case resourcePolicy = "ResourcePolicy"
        }
    }

    public struct GetSecretValueRequest: AWSEncodableShape {
        /// The ARN or name of the secret to retrieve. For an ARN, we recommend that you specify a complete ARN rather  than a partial ARN. See Finding a secret from a partial ARN.
        public let secretId: String
        /// The unique identifier of the version of the secret to retrieve. If you include both this parameter and VersionStage, the two parameters must refer to the same secret version. If you don't specify either a VersionStage or VersionId, then Secrets Manager returns the AWSCURRENT version. This value is typically a UUID-type value with 32 hexadecimal digits.
        public let versionId: String?
        /// The staging label of the version of the secret to retrieve.  Secrets Manager uses staging labels to keep track of different versions during the rotation process. If you include both this parameter and VersionId, the two parameters must refer to the same secret version. If you don't specify either a VersionStage or VersionId, Secrets Manager returns the AWSCURRENT version.
        public let versionStage: String?

        public init(secretId: String, versionId: String? = nil, versionStage: String? = nil) {
            self.secretId = secretId
            self.versionId = versionId
            self.versionStage = versionStage
        }

        public func validate(name: String) throws {
            try self.validate(self.secretId, name: "secretId", parent: name, max: 2048)
            try self.validate(self.secretId, name: "secretId", parent: name, min: 1)
            try self.validate(self.versionId, name: "versionId", parent: name, max: 64)
            try self.validate(self.versionId, name: "versionId", parent: name, min: 32)
            try self.validate(self.versionStage, name: "versionStage", parent: name, max: 256)
            try self.validate(self.versionStage, name: "versionStage", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case secretId = "SecretId"
            case versionId = "VersionId"
            case versionStage = "VersionStage"
        }
    }

    public struct GetSecretValueResponse: AWSDecodableShape {
        /// The ARN of the secret.
        public let arn: String?
        /// The date and time that this version of the secret was created. If you don't specify  which version in VersionId or VersionStage, then Secrets Manager uses the  AWSCURRENT version.
        public let createdDate: Date?
        /// The friendly name of the secret.
        public let name: String?
        /// The decrypted secret value, if the secret value was originally provided as binary data in the form of a byte array. The response parameter represents the binary data as a base64-encoded string. If the secret was created by using the Secrets Manager console, or if the secret value was  originally provided as a string, then this field is omitted. The secret value appears in  SecretString instead.
        public let secretBinary: AWSBase64Data?
        /// The decrypted secret value, if the secret value was originally provided as a string or  through the Secrets Manager console. If this secret was created by using the console, then Secrets Manager stores the information as a JSON structure of key/value pairs.
        public let secretString: String?
        /// The unique identifier of this version of the secret.
        public let versionId: String?
        /// A list of all of the staging labels currently attached to this version of the secret.
        public let versionStages: [String]?

        public init(arn: String? = nil, createdDate: Date? = nil, name: String? = nil, secretBinary: AWSBase64Data? = nil, secretString: String? = nil, versionId: String? = nil, versionStages: [String]? = nil) {
            self.arn = arn
            self.createdDate = createdDate
            self.name = name
            self.secretBinary = secretBinary
            self.secretString = secretString
            self.versionId = versionId
            self.versionStages = versionStages
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "ARN"
            case createdDate = "CreatedDate"
            case name = "Name"
            case secretBinary = "SecretBinary"
            case secretString = "SecretString"
            case versionId = "VersionId"
            case versionStages = "VersionStages"
        }
    }

    public struct ListSecretVersionIdsRequest: AWSEncodableShape {
        /// Specifies whether to include versions of secrets that don't have any staging labels attached to them. Versions without staging labels are considered deprecated and are subject to deletion by Secrets Manager.
        public let includeDeprecated: Bool?
        /// The number of results to include in the response. If there are more results available, in the response, Secrets Manager includes NextToken.  To get the next results, call ListSecretVersionIds again with the value from NextToken.
        public let maxResults: Int?
        /// A token that indicates where the output should continue from, if a previous call  did not show all results. To get the next results, call ListSecretVersionIds again with  this value.
        public let nextToken: String?
        /// The ARN or name of the secret whose versions you want to list. For an ARN, we recommend that you specify a complete ARN rather  than a partial ARN. See Finding a secret from a partial ARN.
        public let secretId: String

        public init(includeDeprecated: Bool? = nil, maxResults: Int? = nil, nextToken: String? = nil, secretId: String) {
            self.includeDeprecated = includeDeprecated
            self.maxResults = maxResults
            self.nextToken = nextToken
            self.secretId = secretId
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 100)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 4096)
            try self.validate(self.nextToken, name: "nextToken", parent: name, min: 1)
            try self.validate(self.secretId, name: "secretId", parent: name, max: 2048)
            try self.validate(self.secretId, name: "secretId", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case includeDeprecated = "IncludeDeprecated"
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
            case secretId = "SecretId"
        }
    }

    public struct ListSecretVersionIdsResponse: AWSDecodableShape {
        /// The ARN of the secret.
        public let arn: String?
        /// The name of the secret.
        public let name: String?
        /// Secrets Manager includes this value if there's more output available than what is included  in the current response. This can occur even when the response includes no values at all,  such as when you ask for a filtered view of a long list. To get the next results,  call ListSecretVersionIds again with this value.
        public let nextToken: String?
        /// A list of the versions of the secret.
        public let versions: [SecretVersionsListEntry]?

        public init(arn: String? = nil, name: String? = nil, nextToken: String? = nil, versions: [SecretVersionsListEntry]? = nil) {
            self.arn = arn
            self.name = name
            self.nextToken = nextToken
            self.versions = versions
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "ARN"
            case name = "Name"
            case nextToken = "NextToken"
            case versions = "Versions"
        }
    }

    public struct ListSecretsRequest: AWSEncodableShape {
        /// The filters to apply to the list of secrets.
        public let filters: [Filter]?
        public let includePlannedDeletion: Bool?
        /// The number of results to include in the response. If there are more results available, in the response, Secrets Manager includes NextToken.  To get the next results, call ListSecrets again with the value from  NextToken.
        public let maxResults: Int?
        /// A token that indicates where the output should continue from, if a  previous call did not show all results. To get the next results, call ListSecrets again  with this value.
        public let nextToken: String?
        /// Secrets are listed by CreatedDate.
        public let sortOrder: SortOrderType?

        public init(filters: [Filter]? = nil, includePlannedDeletion: Bool? = nil, maxResults: Int? = nil, nextToken: String? = nil, sortOrder: SortOrderType? = nil) {
            self.filters = filters
            self.includePlannedDeletion = includePlannedDeletion
            self.maxResults = maxResults
            self.nextToken = nextToken
            self.sortOrder = sortOrder
        }

        public func validate(name: String) throws {
            try self.filters?.forEach {
                try $0.validate(name: "\(name).filters[]")
            }
            try self.validate(self.filters, name: "filters", parent: name, max: 10)
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 100)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 4096)
            try self.validate(self.nextToken, name: "nextToken", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case filters = "Filters"
            case includePlannedDeletion = "IncludePlannedDeletion"
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
            case sortOrder = "SortOrder"
        }
    }

    public struct ListSecretsResponse: AWSDecodableShape {
        /// Secrets Manager includes this value if   there's more output available than what is included in the current response. This can  occur even when the response includes no values at all, such as when you ask for a filtered view  of a long list. To get the next results, call ListSecrets again  with this value.
        public let nextToken: String?
        /// A list of the secrets in the account.
        public let secretList: [SecretListEntry]?

        public init(nextToken: String? = nil, secretList: [SecretListEntry]? = nil) {
            self.nextToken = nextToken
            self.secretList = secretList
        }

        private enum CodingKeys: String, CodingKey {
            case nextToken = "NextToken"
            case secretList = "SecretList"
        }
    }

    public struct PutResourcePolicyRequest: AWSEncodableShape {
        /// Specifies whether to block resource-based policies that allow broad access to the secret, for example those that use a wildcard for the principal.
        public let blockPublicPolicy: Bool?
        /// A JSON-formatted string for an Amazon Web Services resource-based policy. For example policies, see Permissions  policy examples.
        public let resourcePolicy: String
        /// The ARN or name of the secret to attach the resource-based policy. For an ARN, we recommend that you specify a complete ARN rather  than a partial ARN. See Finding a secret from a partial ARN.
        public let secretId: String

        public init(blockPublicPolicy: Bool? = nil, resourcePolicy: String, secretId: String) {
            self.blockPublicPolicy = blockPublicPolicy
            self.resourcePolicy = resourcePolicy
            self.secretId = secretId
        }

        public func validate(name: String) throws {
            try self.validate(self.resourcePolicy, name: "resourcePolicy", parent: name, max: 20480)
            try self.validate(self.resourcePolicy, name: "resourcePolicy", parent: name, min: 1)
            try self.validate(self.secretId, name: "secretId", parent: name, max: 2048)
            try self.validate(self.secretId, name: "secretId", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case blockPublicPolicy = "BlockPublicPolicy"
            case resourcePolicy = "ResourcePolicy"
            case secretId = "SecretId"
        }
    }

    public struct PutResourcePolicyResponse: AWSDecodableShape {
        /// The ARN of the secret.
        public let arn: String?
        /// The name of the secret.
        public let name: String?

        public init(arn: String? = nil, name: String? = nil) {
            self.arn = arn
            self.name = name
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "ARN"
            case name = "Name"
        }
    }

    public struct PutSecretValueRequest: AWSEncodableShape {
        /// A unique identifier for the new version of the secret.   If you use the Amazon Web Services CLI or one of the Amazon Web Services SDKs to call this operation, then you can leave this parameter empty because they generate a random UUID for you. If you don't  use the SDK and instead generate a raw HTTP request to the Secrets Manager service endpoint, then you must generate a ClientRequestToken yourself for new versions and include that value in the request.   This value helps ensure idempotency. Secrets Manager uses this value to prevent the accidental creation of duplicate versions if there are failures and retries during the Lambda rotation function processing. We recommend that you generate a UUID-type value to ensure uniqueness within the specified secret.    If the ClientRequestToken value isn't already associated with a version of the secret then a new version of the secret is created.    If a version with this value already exists and that version's SecretString or SecretBinary values are the same as those in the request then the request is ignored. The operation is idempotent.    If a version with this value already exists and the version of the SecretString and SecretBinary values are different from those in the request, then the request fails because you can't modify a secret  version. You can only create new versions to store new secret values.   This value becomes the VersionId of the new version.
        public let clientRequestToken: String?
        /// The binary data to encrypt and store in the new version of the secret. To use this parameter in the command-line tools, we recommend that you store your binary data in a file and then pass the contents of the file as a parameter.  You must include SecretBinary or SecretString, but not both. You can't access this value from the Secrets Manager console.
        public let secretBinary: AWSBase64Data?
        /// The ARN or name of the secret to add a new version to. For an ARN, we recommend that you specify a complete ARN rather  than a partial ARN. See Finding a secret from a partial ARN. If the secret doesn't already exist, use CreateSecret instead.
        public let secretId: String
        /// The text to encrypt and store in the new version of the secret.  You must include SecretBinary or SecretString, but not both. We recommend you create the secret string as JSON key/value pairs, as shown in the example.
        public let secretString: String?
        /// A list of staging labels to attach to this version of the secret. Secrets Manager uses staging labels to track versions of a secret through the rotation process. If you specify a staging label that's already associated with a different version of the same secret, then Secrets Manager   removes the label from the other version and attaches it to this version.  If you specify  AWSCURRENT, and it is already attached to another version, then Secrets Manager also   moves the staging label AWSPREVIOUS to the version that AWSCURRENT was removed from. If you don't include VersionStages, then Secrets Manager automatically moves the staging label AWSCURRENT to this version.
        public let versionStages: [String]?

        public init(clientRequestToken: String? = PutSecretValueRequest.idempotencyToken(), secretBinary: AWSBase64Data? = nil, secretId: String, secretString: String? = nil, versionStages: [String]? = nil) {
            self.clientRequestToken = clientRequestToken
            self.secretBinary = secretBinary
            self.secretId = secretId
            self.secretString = secretString
            self.versionStages = versionStages
        }

        public func validate(name: String) throws {
            try self.validate(self.clientRequestToken, name: "clientRequestToken", parent: name, max: 64)
            try self.validate(self.clientRequestToken, name: "clientRequestToken", parent: name, min: 32)
            try self.validate(self.secretBinary, name: "secretBinary", parent: name, max: 65536)
            try self.validate(self.secretId, name: "secretId", parent: name, max: 2048)
            try self.validate(self.secretId, name: "secretId", parent: name, min: 1)
            try self.validate(self.secretString, name: "secretString", parent: name, max: 65536)
            try self.versionStages?.forEach {
                try validate($0, name: "versionStages[]", parent: name, max: 256)
                try validate($0, name: "versionStages[]", parent: name, min: 1)
            }
            try self.validate(self.versionStages, name: "versionStages", parent: name, max: 20)
            try self.validate(self.versionStages, name: "versionStages", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case clientRequestToken = "ClientRequestToken"
            case secretBinary = "SecretBinary"
            case secretId = "SecretId"
            case secretString = "SecretString"
            case versionStages = "VersionStages"
        }
    }

    public struct PutSecretValueResponse: AWSDecodableShape {
        /// The ARN of the secret.
        public let arn: String?
        /// The name of the secret.
        public let name: String?
        /// The unique identifier of the version of the secret.
        public let versionId: String?
        /// The list of staging labels that are currently attached to this version of the secret. Secrets Manager uses staging labels to track a version as it progresses through the secret rotation process.
        public let versionStages: [String]?

        public init(arn: String? = nil, name: String? = nil, versionId: String? = nil, versionStages: [String]? = nil) {
            self.arn = arn
            self.name = name
            self.versionId = versionId
            self.versionStages = versionStages
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "ARN"
            case name = "Name"
            case versionId = "VersionId"
            case versionStages = "VersionStages"
        }
    }

    public struct RemoveRegionsFromReplicationRequest: AWSEncodableShape {
        /// The Regions of the replicas to remove.
        public let removeReplicaRegions: [String]
        /// The ARN or name of the secret.
        public let secretId: String

        public init(removeReplicaRegions: [String], secretId: String) {
            self.removeReplicaRegions = removeReplicaRegions
            self.secretId = secretId
        }

        public func validate(name: String) throws {
            try self.removeReplicaRegions.forEach {
                try validate($0, name: "removeReplicaRegions[]", parent: name, max: 128)
                try validate($0, name: "removeReplicaRegions[]", parent: name, min: 1)
                try validate($0, name: "removeReplicaRegions[]", parent: name, pattern: "^([a-z]+-)+\\d+$")
            }
            try self.validate(self.removeReplicaRegions, name: "removeReplicaRegions", parent: name, min: 1)
            try self.validate(self.secretId, name: "secretId", parent: name, max: 2048)
            try self.validate(self.secretId, name: "secretId", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case removeReplicaRegions = "RemoveReplicaRegions"
            case secretId = "SecretId"
        }
    }

    public struct RemoveRegionsFromReplicationResponse: AWSDecodableShape {
        /// The ARN of the primary secret.
        public let arn: String?
        /// The status of replicas for this secret after you remove Regions.
        public let replicationStatus: [ReplicationStatusType]?

        public init(arn: String? = nil, replicationStatus: [ReplicationStatusType]? = nil) {
            self.arn = arn
            self.replicationStatus = replicationStatus
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "ARN"
            case replicationStatus = "ReplicationStatus"
        }
    }

    public struct ReplicaRegionType: AWSEncodableShape {
        /// The ARN, key ID, or alias of the KMS key to encrypt the secret. If you don't include this field, Secrets Manager uses aws/secretsmanager.
        public let kmsKeyId: String?
        /// A Region code. For a list of Region codes, see Name and code of Regions.
        public let region: String?

        public init(kmsKeyId: String? = nil, region: String? = nil) {
            self.kmsKeyId = kmsKeyId
            self.region = region
        }

        public func validate(name: String) throws {
            try self.validate(self.kmsKeyId, name: "kmsKeyId", parent: name, max: 2048)
            try self.validate(self.region, name: "region", parent: name, max: 128)
            try self.validate(self.region, name: "region", parent: name, min: 1)
            try self.validate(self.region, name: "region", parent: name, pattern: "^([a-z]+-)+\\d+$")
        }

        private enum CodingKeys: String, CodingKey {
            case kmsKeyId = "KmsKeyId"
            case region = "Region"
        }
    }

    public struct ReplicateSecretToRegionsRequest: AWSEncodableShape {
        /// A list of Regions in which to replicate the secret.
        public let addReplicaRegions: [ReplicaRegionType]
        /// Specifies whether to overwrite a secret with the same name in the destination Region.
        public let forceOverwriteReplicaSecret: Bool?
        /// The ARN or name of the secret to replicate.
        public let secretId: String

        public init(addReplicaRegions: [ReplicaRegionType], forceOverwriteReplicaSecret: Bool? = nil, secretId: String) {
            self.addReplicaRegions = addReplicaRegions
            self.forceOverwriteReplicaSecret = forceOverwriteReplicaSecret
            self.secretId = secretId
        }

        public func validate(name: String) throws {
            try self.addReplicaRegions.forEach {
                try $0.validate(name: "\(name).addReplicaRegions[]")
            }
            try self.validate(self.addReplicaRegions, name: "addReplicaRegions", parent: name, min: 1)
            try self.validate(self.secretId, name: "secretId", parent: name, max: 2048)
            try self.validate(self.secretId, name: "secretId", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case addReplicaRegions = "AddReplicaRegions"
            case forceOverwriteReplicaSecret = "ForceOverwriteReplicaSecret"
            case secretId = "SecretId"
        }
    }

    public struct ReplicateSecretToRegionsResponse: AWSDecodableShape {
        /// The ARN of the primary secret.
        public let arn: String?
        /// The status of replication.
        public let replicationStatus: [ReplicationStatusType]?

        public init(arn: String? = nil, replicationStatus: [ReplicationStatusType]? = nil) {
            self.arn = arn
            self.replicationStatus = replicationStatus
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "ARN"
            case replicationStatus = "ReplicationStatus"
        }
    }

    public struct ReplicationStatusType: AWSDecodableShape {
        /// Can be an ARN, Key ID, or Alias.
        public let kmsKeyId: String?
        /// The date that the secret was last accessed in the Region. This field is omitted if the secret has never been retrieved in the Region.
        public let lastAccessedDate: Date?
        /// The Region where replication occurs.
        public let region: String?
        /// The status can be InProgress, Failed, or InSync.
        public let status: StatusType?
        /// Status message such as "Secret with this name already exists in this region".
        public let statusMessage: String?

        public init(kmsKeyId: String? = nil, lastAccessedDate: Date? = nil, region: String? = nil, status: StatusType? = nil, statusMessage: String? = nil) {
            self.kmsKeyId = kmsKeyId
            self.lastAccessedDate = lastAccessedDate
            self.region = region
            self.status = status
            self.statusMessage = statusMessage
        }

        private enum CodingKeys: String, CodingKey {
            case kmsKeyId = "KmsKeyId"
            case lastAccessedDate = "LastAccessedDate"
            case region = "Region"
            case status = "Status"
            case statusMessage = "StatusMessage"
        }
    }

    public struct RestoreSecretRequest: AWSEncodableShape {
        /// The ARN or name of the secret to restore. For an ARN, we recommend that you specify a complete ARN rather  than a partial ARN. See Finding a secret from a partial ARN.
        public let secretId: String

        public init(secretId: String) {
            self.secretId = secretId
        }

        public func validate(name: String) throws {
            try self.validate(self.secretId, name: "secretId", parent: name, max: 2048)
            try self.validate(self.secretId, name: "secretId", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case secretId = "SecretId"
        }
    }

    public struct RestoreSecretResponse: AWSDecodableShape {
        /// The ARN of the secret that was restored.
        public let arn: String?
        /// The name of the secret that was restored.
        public let name: String?

        public init(arn: String? = nil, name: String? = nil) {
            self.arn = arn
            self.name = name
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "ARN"
            case name = "Name"
        }
    }

    public struct RotateSecretRequest: AWSEncodableShape {
        /// A unique identifier for the new version of the secret that helps ensure idempotency. Secrets Manager uses this value to prevent the accidental creation of duplicate versions if there are failures and retries during rotation. This value becomes the VersionId of the new version. If you use the Amazon Web Services CLI or one of the Amazon Web Services SDK to call this operation, then you can leave this parameter empty. The CLI or SDK generates a random UUID for you and includes that in the request for this parameter. If you don't use the SDK and instead generate a raw HTTP request to the Secrets Manager service endpoint, then you must generate a ClientRequestToken yourself for new versions and include that value in the request. You only need to specify this value if you implement your own retry logic and you want to ensure that Secrets Manager doesn't attempt to create a secret version twice. We recommend that you generate a UUID-type value to ensure uniqueness within the specified secret.
        public let clientRequestToken: String?
        /// Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window.  The rotation schedule is defined in RotateSecretRequest$RotationRules. If you don't immediately rotate the secret, Secrets Manager tests the rotation configuration by running the   testSecret  step of the Lambda rotation function. The test creates an AWSPENDING version of the secret and then removes it. If you don't specify this value, then by default, Secrets Manager rotates the secret immediately.
        public let rotateImmediately: Bool?
        /// The ARN of the Lambda rotation function that can rotate the secret.
        public let rotationLambdaARN: String?
        /// A structure that defines the rotation configuration for this secret.
        public let rotationRules: RotationRulesType?
        /// The ARN or name of the secret to rotate. For an ARN, we recommend that you specify a complete ARN rather  than a partial ARN. See Finding a secret from a partial ARN.
        public let secretId: String

        public init(clientRequestToken: String? = RotateSecretRequest.idempotencyToken(), rotateImmediately: Bool? = nil, rotationLambdaARN: String? = nil, rotationRules: RotationRulesType? = nil, secretId: String) {
            self.clientRequestToken = clientRequestToken
            self.rotateImmediately = rotateImmediately
            self.rotationLambdaARN = rotationLambdaARN
            self.rotationRules = rotationRules
            self.secretId = secretId
        }

        public func validate(name: String) throws {
            try self.validate(self.clientRequestToken, name: "clientRequestToken", parent: name, max: 64)
            try self.validate(self.clientRequestToken, name: "clientRequestToken", parent: name, min: 32)
            try self.validate(self.rotationLambdaARN, name: "rotationLambdaARN", parent: name, max: 2048)
            try self.rotationRules?.validate(name: "\(name).rotationRules")
            try self.validate(self.secretId, name: "secretId", parent: name, max: 2048)
            try self.validate(self.secretId, name: "secretId", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case clientRequestToken = "ClientRequestToken"
            case rotateImmediately = "RotateImmediately"
            case rotationLambdaARN = "RotationLambdaARN"
            case rotationRules = "RotationRules"
            case secretId = "SecretId"
        }
    }

    public struct RotateSecretResponse: AWSDecodableShape {
        /// The ARN of the secret.
        public let arn: String?
        /// The name of the secret.
        public let name: String?
        /// The ID of the new version of the secret.
        public let versionId: String?

        public init(arn: String? = nil, name: String? = nil, versionId: String? = nil) {
            self.arn = arn
            self.name = name
            self.versionId = versionId
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "ARN"
            case name = "Name"
            case versionId = "VersionId"
        }
    }

    public struct RotationRulesType: AWSEncodableShape & AWSDecodableShape {
        /// The number of days between automatic scheduled rotations of the secret. You can use this  value to check that your secret meets your compliance guidelines for how often secrets must  be rotated. In DescribeSecret and ListSecrets, this value is calculated from  the rotation schedule after every successful rotation. In RotateSecret, you can  set the rotation schedule in RotationRules with AutomaticallyAfterDays or ScheduleExpression, but not both. To set a rotation schedule in hours, use  ScheduleExpression.
        public let automaticallyAfterDays: Int64?
        /// The length of the rotation window in hours, for example 3h for a three  hour window. Secrets Manager rotates your secret at any time during this window. The window must not  extend into the next rotation window or the next UTC day. The window starts according to the ScheduleExpression. If you don't specify a Duration,  for a ScheduleExpression in hours, the window automatically closes after one  hour. For a ScheduleExpression in days, the window automatically closes at the  end of the UTC day. For  more information, including examples, see Schedule expressions  in Secrets Manager rotation in the Secrets Manager Users Guide.
        public let duration: String?
        /// A cron() or rate() expression that defines the schedule for  rotating your secret. Secrets Manager rotation schedules use UTC time zone. Secrets Manager rotates your secret any time during a rotation window. Secrets Manager rate() expressions represent the interval in hours or days that you  want to rotate your secret, for example rate(12 hours) or  rate(10 days). You can rotate a secret as often as every four hours. If you  use a rate() expression, the rotation  window starts at midnight. For a rate in hours, the default rotation window closes after one  hour. For a rate in days, the default rotation window closes at the end of the day. You can  set the Duration to change the rotation window. The rotation window must not  extend into the next UTC day or into the next rotation window. You can use a cron() expression to create a rotation schedule that is  more detailed than a rotation interval. For more information, including examples, see  Schedule expressions in  Secrets Manager rotation in the Secrets Manager Users Guide. For a cron expression  that represents a schedule in hours, the default rotation window closes after one hour. For  a cron expression that represents a schedule in days, the default rotation window closes at  the end of the day. You can set the Duration to change the rotation window. The  rotation window must not extend into the next UTC day or into the next rotation window.
        public let scheduleExpression: String?

        public init(automaticallyAfterDays: Int64? = nil, duration: String? = nil, scheduleExpression: String? = nil) {
            self.automaticallyAfterDays = automaticallyAfterDays
            self.duration = duration
            self.scheduleExpression = scheduleExpression
        }

        public func validate(name: String) throws {
            try self.validate(self.automaticallyAfterDays, name: "automaticallyAfterDays", parent: name, max: 1000)
            try self.validate(self.automaticallyAfterDays, name: "automaticallyAfterDays", parent: name, min: 1)
            try self.validate(self.duration, name: "duration", parent: name, max: 3)
            try self.validate(self.duration, name: "duration", parent: name, min: 2)
            try self.validate(self.duration, name: "duration", parent: name, pattern: "^[0-9h]+$")
            try self.validate(self.scheduleExpression, name: "scheduleExpression", parent: name, max: 256)
            try self.validate(self.scheduleExpression, name: "scheduleExpression", parent: name, min: 1)
            try self.validate(self.scheduleExpression, name: "scheduleExpression", parent: name, pattern: "^[0-9A-Za-z\\(\\)#\\?\\*\\-\\/, ]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case automaticallyAfterDays = "AutomaticallyAfterDays"
            case duration = "Duration"
            case scheduleExpression = "ScheduleExpression"
        }
    }

    public struct SecretListEntry: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) of the secret.
        public let arn: String?
        /// The date and time when a secret was created.
        public let createdDate: Date?
        /// The date and time the deletion of the secret occurred. Not present on active secrets. The secret can be recovered until the number of days in the recovery window has passed, as specified in the RecoveryWindowInDays parameter of the  DeleteSecret operation.
        public let deletedDate: Date?
        /// The user-provided description of the secret.
        public let description: String?
        /// The ARN of the KMS key that Secrets Manager uses to encrypt the secret value. If the secret is encrypted with  the Amazon Web Services managed key aws/secretsmanager, this field is omitted.
        public let kmsKeyId: String?
        /// The date that the secret was last accessed in the Region. This field is omitted if the secret has never been retrieved in the Region.
        public let lastAccessedDate: Date?
        /// The last date and time that this secret was modified in any way.
        public let lastChangedDate: Date?
        /// The most recent date and time that the Secrets Manager rotation process was successfully completed. This value is null if the secret hasn't ever rotated.
        public let lastRotatedDate: Date?
        /// The friendly name of the secret. You can use forward slashes in the name to represent a path hierarchy. For example, /prod/databases/dbserver1 could represent the secret for a server named dbserver1 in the folder databases in the folder prod.
        public let name: String?
        public let nextRotationDate: Date?
        /// Returns the name of the service that created the secret.
        public let owningService: String?
        /// The Region where Secrets Manager originated the secret.
        public let primaryRegion: String?
        /// Indicates whether automatic, scheduled rotation is enabled for this secret.
        public let rotationEnabled: Bool?
        /// The ARN of an Amazon Web Services Lambda function invoked by Secrets Manager to rotate and expire the secret either automatically per the schedule or manually by a call to  RotateSecret .
        public let rotationLambdaARN: String?
        /// A structure that defines the rotation configuration for the secret.
        public let rotationRules: RotationRulesType?
        /// A list of all of the currently assigned SecretVersionStage staging labels and the SecretVersionId attached to each one. Staging labels are used to keep track of the different versions during the rotation process.  A version that does not have any SecretVersionStage is considered deprecated and subject to deletion. Such versions are not included in this list.
        public let secretVersionsToStages: [String: [String]]?
        /// The list of user-defined tags associated with the secret. To add tags to a secret, use  TagResource .  To remove tags, use  UntagResource .
        public let tags: [Tag]?

        public init(arn: String? = nil, createdDate: Date? = nil, deletedDate: Date? = nil, description: String? = nil, kmsKeyId: String? = nil, lastAccessedDate: Date? = nil, lastChangedDate: Date? = nil, lastRotatedDate: Date? = nil, name: String? = nil, nextRotationDate: Date? = nil, owningService: String? = nil, primaryRegion: String? = nil, rotationEnabled: Bool? = nil, rotationLambdaARN: String? = nil, rotationRules: RotationRulesType? = nil, secretVersionsToStages: [String: [String]]? = nil, tags: [Tag]? = nil) {
            self.arn = arn
            self.createdDate = createdDate
            self.deletedDate = deletedDate
            self.description = description
            self.kmsKeyId = kmsKeyId
            self.lastAccessedDate = lastAccessedDate
            self.lastChangedDate = lastChangedDate
            self.lastRotatedDate = lastRotatedDate
            self.name = name
            self.nextRotationDate = nextRotationDate
            self.owningService = owningService
            self.primaryRegion = primaryRegion
            self.rotationEnabled = rotationEnabled
            self.rotationLambdaARN = rotationLambdaARN
            self.rotationRules = rotationRules
            self.secretVersionsToStages = secretVersionsToStages
            self.tags = tags
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "ARN"
            case createdDate = "CreatedDate"
            case deletedDate = "DeletedDate"
            case description = "Description"
            case kmsKeyId = "KmsKeyId"
            case lastAccessedDate = "LastAccessedDate"
            case lastChangedDate = "LastChangedDate"
            case lastRotatedDate = "LastRotatedDate"
            case name = "Name"
            case nextRotationDate = "NextRotationDate"
            case owningService = "OwningService"
            case primaryRegion = "PrimaryRegion"
            case rotationEnabled = "RotationEnabled"
            case rotationLambdaARN = "RotationLambdaARN"
            case rotationRules = "RotationRules"
            case secretVersionsToStages = "SecretVersionsToStages"
            case tags = "Tags"
        }
    }

    public struct SecretVersionsListEntry: AWSDecodableShape {
        /// The date and time this version of the secret was created.
        public let createdDate: Date?
        /// The KMS keys used to encrypt the secret version.
        public let kmsKeyIds: [String]?
        /// The date that this version of the secret was last accessed. Note that the resolution of this field is at the date level and does not include the time.
        public let lastAccessedDate: Date?
        /// The unique version identifier of this version of the secret.
        public let versionId: String?
        /// An array of staging labels that are currently associated with this version of the secret.
        public let versionStages: [String]?

        public init(createdDate: Date? = nil, kmsKeyIds: [String]? = nil, lastAccessedDate: Date? = nil, versionId: String? = nil, versionStages: [String]? = nil) {
            self.createdDate = createdDate
            self.kmsKeyIds = kmsKeyIds
            self.lastAccessedDate = lastAccessedDate
            self.versionId = versionId
            self.versionStages = versionStages
        }

        private enum CodingKeys: String, CodingKey {
            case createdDate = "CreatedDate"
            case kmsKeyIds = "KmsKeyIds"
            case lastAccessedDate = "LastAccessedDate"
            case versionId = "VersionId"
            case versionStages = "VersionStages"
        }
    }

    public struct StopReplicationToReplicaRequest: AWSEncodableShape {
        /// The ARN of the primary secret.
        public let secretId: String

        public init(secretId: String) {
            self.secretId = secretId
        }

        public func validate(name: String) throws {
            try self.validate(self.secretId, name: "secretId", parent: name, max: 2048)
            try self.validate(self.secretId, name: "secretId", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case secretId = "SecretId"
        }
    }

    public struct StopReplicationToReplicaResponse: AWSDecodableShape {
        /// The ARN of the promoted secret. The ARN is the same as the original primary secret except the Region is changed.
        public let arn: String?

        public init(arn: String? = nil) {
            self.arn = arn
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "ARN"
        }
    }

    public struct Tag: AWSEncodableShape & AWSDecodableShape {
        /// The key identifier, or name, of the tag.
        public let key: String?
        /// The string value associated with the key of the tag.
        public let value: String?

        public init(key: String? = nil, value: String? = nil) {
            self.key = key
            self.value = value
        }

        public func validate(name: String) throws {
            try self.validate(self.key, name: "key", parent: name, max: 128)
            try self.validate(self.key, name: "key", parent: name, min: 1)
            try self.validate(self.value, name: "value", parent: name, max: 256)
        }

        private enum CodingKeys: String, CodingKey {
            case key = "Key"
            case value = "Value"
        }
    }

    public struct TagResourceRequest: AWSEncodableShape {
        /// The identifier for the secret to attach tags to. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. For an ARN, we recommend that you specify a complete ARN rather  than a partial ARN. See Finding a secret from a partial ARN.
        public let secretId: String
        /// The tags to attach to the secret as a JSON text string argument. Each element in the list consists of a Key and a Value. For storing multiple values, we recommend that you use a JSON text  string argument and specify key/value pairs. For more information, see Specifying parameter values for the Amazon Web Services CLI in the Amazon Web Services CLI User Guide.
        public let tags: [Tag]

        public init(secretId: String, tags: [Tag]) {
            self.secretId = secretId
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.validate(self.secretId, name: "secretId", parent: name, max: 2048)
            try self.validate(self.secretId, name: "secretId", parent: name, min: 1)
            try self.tags.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
        }

        private enum CodingKeys: String, CodingKey {
            case secretId = "SecretId"
            case tags = "Tags"
        }
    }

    public struct UntagResourceRequest: AWSEncodableShape {
        /// The ARN or name of the secret. For an ARN, we recommend that you specify a complete ARN rather  than a partial ARN. See Finding a secret from a partial ARN.
        public let secretId: String
        /// A list of tag key names to remove from the secret. You don't specify the value. Both the key and its associated value are removed. This parameter requires a JSON text string argument. For storing multiple values, we recommend that you use a JSON text  string argument and specify key/value pairs. For more information, see Specifying parameter values for the Amazon Web Services CLI in the Amazon Web Services CLI User Guide.
        public let tagKeys: [String]

        public init(secretId: String, tagKeys: [String]) {
            self.secretId = secretId
            self.tagKeys = tagKeys
        }

        public func validate(name: String) throws {
            try self.validate(self.secretId, name: "secretId", parent: name, max: 2048)
            try self.validate(self.secretId, name: "secretId", parent: name, min: 1)
            try self.tagKeys.forEach {
                try validate($0, name: "tagKeys[]", parent: name, max: 128)
                try validate($0, name: "tagKeys[]", parent: name, min: 1)
            }
        }

        private enum CodingKeys: String, CodingKey {
            case secretId = "SecretId"
            case tagKeys = "TagKeys"
        }
    }

    public struct UpdateSecretRequest: AWSEncodableShape {
        /// If you include SecretString or SecretBinary, then Secrets Manager creates  a new version for the secret, and this parameter specifies the unique identifier for the new  version.  If you use the Amazon Web Services CLI or one of the Amazon Web Services SDKs to call this operation, then you can leave this parameter empty. The CLI or SDK generates a random UUID for you and includes it as the value for this parameter in the request. If you don't use the SDK and instead generate a raw HTTP request to the Secrets Manager service endpoint, then you must generate a ClientRequestToken yourself for the new version and include the value in the request.  This value becomes the VersionId of the new version.
        public let clientRequestToken: String?
        /// The description of the secret.
        public let description: String?
        /// The ARN, key ID, or alias of the KMS key that Secrets Manager  uses to encrypt new secret versions as well as any existing versions with the staging labels  AWSCURRENT, AWSPENDING, or AWSPREVIOUS.  For more information about versions and staging labels, see Concepts: Version. A key alias is always prefixed by alias/, for example alias/aws/secretsmanager. For more information, see About aliases. If you set this to an empty string, Secrets Manager uses the Amazon Web Services managed key  aws/secretsmanager. If this key doesn't already exist in your account, then Secrets Manager  creates it for you automatically. All users and roles in the Amazon Web Services account automatically have access  to use aws/secretsmanager. Creating aws/secretsmanager can result in a one-time  significant delay in returning the result.    You can only use the Amazon Web Services managed key aws/secretsmanager if you call this operation using credentials from the same Amazon Web Services account that owns the secret. If the secret is in a different account, then you must use a customer managed key and provide the ARN of that KMS key in this field. The user making the call must have permissions to both the secret and the KMS key in their respective accounts.
        public let kmsKeyId: String?
        /// The binary data to encrypt and store in the new version of the secret. We recommend that you store your binary data in a file and then pass the contents of the file as a parameter.  Either SecretBinary or SecretString must have a value, but not both. You can't access this parameter in the Secrets Manager console.
        public let secretBinary: AWSBase64Data?
        /// The ARN or name of the secret. For an ARN, we recommend that you specify a complete ARN rather  than a partial ARN. See Finding a secret from a partial ARN.
        public let secretId: String
        /// The text data to encrypt and store in the new version of the secret. We recommend you use a JSON structure of key/value pairs for your secret value.  Either SecretBinary or SecretString must have a value, but not both.
        public let secretString: String?

        public init(clientRequestToken: String? = UpdateSecretRequest.idempotencyToken(), description: String? = nil, kmsKeyId: String? = nil, secretBinary: AWSBase64Data? = nil, secretId: String, secretString: String? = nil) {
            self.clientRequestToken = clientRequestToken
            self.description = description
            self.kmsKeyId = kmsKeyId
            self.secretBinary = secretBinary
            self.secretId = secretId
            self.secretString = secretString
        }

        public func validate(name: String) throws {
            try self.validate(self.clientRequestToken, name: "clientRequestToken", parent: name, max: 64)
            try self.validate(self.clientRequestToken, name: "clientRequestToken", parent: name, min: 32)
            try self.validate(self.description, name: "description", parent: name, max: 2048)
            try self.validate(self.kmsKeyId, name: "kmsKeyId", parent: name, max: 2048)
            try self.validate(self.secretBinary, name: "secretBinary", parent: name, max: 65536)
            try self.validate(self.secretId, name: "secretId", parent: name, max: 2048)
            try self.validate(self.secretId, name: "secretId", parent: name, min: 1)
            try self.validate(self.secretString, name: "secretString", parent: name, max: 65536)
        }

        private enum CodingKeys: String, CodingKey {
            case clientRequestToken = "ClientRequestToken"
            case description = "Description"
            case kmsKeyId = "KmsKeyId"
            case secretBinary = "SecretBinary"
            case secretId = "SecretId"
            case secretString = "SecretString"
        }
    }

    public struct UpdateSecretResponse: AWSDecodableShape {
        /// The ARN of the secret that was updated.
        public let arn: String?
        /// The name of the secret that was updated.
        public let name: String?
        /// If Secrets Manager created a new version of the secret during this operation, then VersionId contains the unique identifier of the new version.
        public let versionId: String?

        public init(arn: String? = nil, name: String? = nil, versionId: String? = nil) {
            self.arn = arn
            self.name = name
            self.versionId = versionId
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "ARN"
            case name = "Name"
            case versionId = "VersionId"
        }
    }

    public struct UpdateSecretVersionStageRequest: AWSEncodableShape {
        /// The ID of the version to add the staging label to. To remove a label from a version, then do not specify this parameter. If the staging label is already attached to a different version of the secret, then you must also specify the RemoveFromVersionId parameter.
        public let moveToVersionId: String?
        /// The ID of the version that the staging label is to be removed from. If the staging label you are trying to attach to one version is already attached to a different version, then you must include this parameter and specify the version that the label is to be removed from. If the label is attached and you either do not specify this parameter, or the version ID does not match, then the operation fails.
        public let removeFromVersionId: String?
        /// The ARN or the name of the secret with the version and staging labelsto modify. For an ARN, we recommend that you specify a complete ARN rather  than a partial ARN. See Finding a secret from a partial ARN.
        public let secretId: String
        /// The staging label to add to this version.
        public let versionStage: String

        public init(moveToVersionId: String? = nil, removeFromVersionId: String? = nil, secretId: String, versionStage: String) {
            self.moveToVersionId = moveToVersionId
            self.removeFromVersionId = removeFromVersionId
            self.secretId = secretId
            self.versionStage = versionStage
        }

        public func validate(name: String) throws {
            try self.validate(self.moveToVersionId, name: "moveToVersionId", parent: name, max: 64)
            try self.validate(self.moveToVersionId, name: "moveToVersionId", parent: name, min: 32)
            try self.validate(self.removeFromVersionId, name: "removeFromVersionId", parent: name, max: 64)
            try self.validate(self.removeFromVersionId, name: "removeFromVersionId", parent: name, min: 32)
            try self.validate(self.secretId, name: "secretId", parent: name, max: 2048)
            try self.validate(self.secretId, name: "secretId", parent: name, min: 1)
            try self.validate(self.versionStage, name: "versionStage", parent: name, max: 256)
            try self.validate(self.versionStage, name: "versionStage", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case moveToVersionId = "MoveToVersionId"
            case removeFromVersionId = "RemoveFromVersionId"
            case secretId = "SecretId"
            case versionStage = "VersionStage"
        }
    }

    public struct UpdateSecretVersionStageResponse: AWSDecodableShape {
        /// The ARN of the secret that was updated.
        public let arn: String?
        /// The name of the secret that was updated.
        public let name: String?

        public init(arn: String? = nil, name: String? = nil) {
            self.arn = arn
            self.name = name
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "ARN"
            case name = "Name"
        }
    }

    public struct ValidateResourcePolicyRequest: AWSEncodableShape {
        /// A JSON-formatted string that contains an Amazon Web Services resource-based policy. The policy in the string identifies who can access or manage this secret and its versions. For example policies, see Permissions policy examples.
        public let resourcePolicy: String
        /// This field is reserved for internal use.
        public let secretId: String?

        public init(resourcePolicy: String, secretId: String? = nil) {
            self.resourcePolicy = resourcePolicy
            self.secretId = secretId
        }

        public func validate(name: String) throws {
            try self.validate(self.resourcePolicy, name: "resourcePolicy", parent: name, max: 20480)
            try self.validate(self.resourcePolicy, name: "resourcePolicy", parent: name, min: 1)
            try self.validate(self.secretId, name: "secretId", parent: name, max: 2048)
            try self.validate(self.secretId, name: "secretId", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case resourcePolicy = "ResourcePolicy"
            case secretId = "SecretId"
        }
    }

    public struct ValidateResourcePolicyResponse: AWSDecodableShape {
        /// True if your policy passes validation, otherwise false.
        public let policyValidationPassed: Bool?
        /// Validation errors if your policy didn't pass validation.
        public let validationErrors: [ValidationErrorsEntry]?

        public init(policyValidationPassed: Bool? = nil, validationErrors: [ValidationErrorsEntry]? = nil) {
            self.policyValidationPassed = policyValidationPassed
            self.validationErrors = validationErrors
        }

        private enum CodingKeys: String, CodingKey {
            case policyValidationPassed = "PolicyValidationPassed"
            case validationErrors = "ValidationErrors"
        }
    }

    public struct ValidationErrorsEntry: AWSDecodableShape {
        /// Checks the name of the policy.
        public let checkName: String?
        /// Displays error messages if validation encounters problems during validation of the resource policy.
        public let errorMessage: String?

        public init(checkName: String? = nil, errorMessage: String? = nil) {
            self.checkName = checkName
            self.errorMessage = errorMessage
        }

        private enum CodingKeys: String, CodingKey {
            case checkName = "CheckName"
            case errorMessage = "ErrorMessage"
        }
    }
}

// MARK: - Errors

/// Error enum for SecretsManager
public struct SecretsManagerErrorType: AWSErrorType {
    enum Code: String {
        case decryptionFailure = "DecryptionFailure"
        case encryptionFailure = "EncryptionFailure"
        case internalServiceError = "InternalServiceError"
        case invalidNextTokenException = "InvalidNextTokenException"
        case invalidParameterException = "InvalidParameterException"
        case invalidRequestException = "InvalidRequestException"
        case limitExceededException = "LimitExceededException"
        case malformedPolicyDocumentException = "MalformedPolicyDocumentException"
        case preconditionNotMetException = "PreconditionNotMetException"
        case publicPolicyException = "PublicPolicyException"
        case resourceExistsException = "ResourceExistsException"
        case resourceNotFoundException = "ResourceNotFoundException"
    }

    private let error: Code
    public let context: AWSErrorContext?

    /// initialize SecretsManager
    public init?(errorCode: String, context: AWSErrorContext) {
        guard let error = Code(rawValue: errorCode) else { return nil }
        self.error = error
        self.context = context
    }

    internal init(_ error: Code) {
        self.error = error
        self.context = nil
    }

    /// return error code string
    public var errorCode: String { self.error.rawValue }

    /// Secrets Manager can&#39;t decrypt the protected secret text using the provided KMS key.
    public static var decryptionFailure: Self { .init(.decryptionFailure) }
    /// Secrets Manager can&#39;t encrypt the protected secret text using the provided KMS key. Check that the KMS key is available, enabled, and not in an invalid state. For more information, see Key state: Effect on your KMS key.
    public static var encryptionFailure: Self { .init(.encryptionFailure) }
    /// An error occurred on the server side.
    public static var internalServiceError: Self { .init(.internalServiceError) }
    /// The NextToken value is invalid.
    public static var invalidNextTokenException: Self { .init(.invalidNextTokenException) }
    /// The parameter name or value is invalid.
    public static var invalidParameterException: Self { .init(.invalidParameterException) }
    /// A parameter value is not valid for the current state of the resource. Possible causes:   The secret is scheduled for deletion.   You tried to enable rotation on a secret that doesn&#39;t already have a Lambda function ARN configured and you didn&#39;t include such an ARN as a parameter in this call.    The secret is managed by another service, and you must use that service to update it.  For more information, see Secrets managed by other Amazon Web Services services.
    public static var invalidRequestException: Self { .init(.invalidRequestException) }
    /// The request failed because it would exceed one of the Secrets Manager quotas.
    public static var limitExceededException: Self { .init(.limitExceededException) }
    /// The resource policy has syntax errors.
    public static var malformedPolicyDocumentException: Self { .init(.malformedPolicyDocumentException) }
    /// The request failed because you did not complete all the prerequisite steps.
    public static var preconditionNotMetException: Self { .init(.preconditionNotMetException) }
    /// The BlockPublicPolicy parameter is set to true, and the resource policy did not prevent broad access to the secret.
    public static var publicPolicyException: Self { .init(.publicPolicyException) }
    /// A resource with the ID you requested already exists.
    public static var resourceExistsException: Self { .init(.resourceExistsException) }
    /// Secrets Manager can&#39;t find the resource that you asked for.
    public static var resourceNotFoundException: Self { .init(.resourceNotFoundException) }
}

extension SecretsManagerErrorType: Equatable {
    public static func == (lhs: SecretsManagerErrorType, rhs: SecretsManagerErrorType) -> Bool {
        lhs.error == rhs.error
    }
}

extension SecretsManagerErrorType: CustomStringConvertible {
    public var description: String {
        return "\(self.error.rawValue): \(self.message ?? "")"
    }
}
